IE 5.22 on Mac Transmitting HTTP Referer from Secure Page

Vulnerability ID 1052639 Vulnerability type
Published 2008-07-18 Updated 2008-07-18
CVE number CVE-2003-1560
Platform N/A CVSS score N/A
This applies to ALL versions of Internet Explorer on all systems, though
IE on Windows requires that the HTTPS site is left through a redirection.
I verified this on IE 5, 5.5, 6 and 6SP1.

As an easily demonstrated example, open your Windows IE and go to

then to verify that no referer is typically sent (the expected behavior)
write the following in your Address Bar



If you want to see the referer being sent from
to write the following



The redirect script has to be on the same domain. It is not uncommon to
see redirectors on sites protected by SSL, most typically webmail

Lots of other browsers have been vulnerable to this, including Netscape
4 and Opera.


Thor Larholm
Senior Security Researcher
PivX Solutions
24 Corporate Plaza #180
Newport Beach, CA 92660
thor (at) pivx (dot) com [email concealed]

PivX defines "Proactive Threat Mitigation". Get a FREE Beta Version of
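As an added illustration (not code from either post), the following models the RFC 2616 section 15.1.3 rule the original report cites and the same-domain redirector case the reply describes, then shows the defender-side check for the leak in server logs. Hostnames, the redirect URLs and the log format are constructed for the example.

```python
# Added example: RFC 2616 15.1.3 says a client SHOULD NOT send Referer on a
# non-secure request when the referring page was fetched over a secure
# protocol. Hostnames, URLs and the log format below are made up.
from urllib.parse import urlsplit

def referer_allowed(referring_page: str, request_url: str) -> bool:
    """True unless the referring page is https and the request is not."""
    ref_secure = urlsplit(referring_page).scheme == "https"
    req_secure = urlsplit(request_url).scheme == "https"
    return req_secure or not ref_secure

def simulate_chain(referring_page: str, hops: list, compliant: bool) -> list:
    """Return (url, referer_sent) per hop of a link that passes through a
    redirector. A compliant client re-applies the rule at every hop; the
    faulty behaviour decides once at the first (HTTPS -> HTTPS) hop and
    carries that Referer through the redirect to the plain-HTTP target."""
    first = referring_page if referer_allowed(referring_page, hops[0]) else None
    out = []
    for url in hops:
        if compliant:
            out.append((url, referring_page if referer_allowed(referring_page, url) else None))
        else:
            out.append((url, first))
    return out

# Constructed access-log lines: "<scheme> <path> <referer>".
SAMPLE_LOG = [
    "http /landing https://mail.example.test/inbox?msg=42",
    "http /index.html http://news.example.test/",
    "https /inbox https://mail.example.test/login",
]

def find_leaks(log_lines: list) -> list:
    """Defender-side check: a request that arrived over plain HTTP carrying
    an https:// Referer is exactly what this leak looks like server-side."""
    leaks = []
    for line in log_lines:
        scheme, path, referer = line.split(" ", 2)
        if scheme == "http" and referer.startswith("https://"):
            leaks.append((path, referer))
    return leaks

if __name__ == "__main__":
    page = "https://mail.example.test/inbox?msg=42"
    hops = ["https://mail.example.test/redir?to=http://ads.example.test/",
            "http://ads.example.test/"]
    print("compliant:", simulate_chain(page, hops, compliant=True))
    print("leaking:  ", simulate_chain(page, hops, compliant=False))
    print("log hits: ", find_leaks(SAMPLE_LOG))
```

The compliant run attaches the Referer only on the HTTPS hop to the redirector and drops it on the HTTP target; the faulty run sends the full https:// URL, including its query string, to the plain-HTTP site.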

-----Original Message-----
From: deane (at) deanebarker (dot) net [email concealed] [mailto:deane (at) deanebarker (dot) net [email concealed]] 
Sent: Wednesday, December 24, 2003 8:16 AM
To: bugtraq (at) securityfocus (dot) com [email concealed]
Subject: IE 5.22 on Mac Transmitting HTTP Referer from Secure Page

Documented instance of Internet Explorer 5.22 on a Mac transmitting an
HTTP Referer header from a link on a secure page (https):

This is clearly covered in the HTTP 1.1 spec (RFC 2616), Section 15.1.3,
"Encoding Sensitive Information in URI's":

"Clients SHOULD NOT include a Referer header field in a (non-secure)
HTTP request if the referring page was transferred with a secure